Map not showing in image details in album shared via link #8031

Closed
2 of 3 tasks
rovo89 opened this issue Mar 17, 2024 · 3 comments · Fixed by #8341

@rovo89
Contributor

rovo89 commented Mar 17, 2024

The bug

Opening the image details ("i" icon), triggers a request to e.g. https://demo.immich.app/api/system-config/map/style.json?theme=light. However, this endpoint requires authentication as explicitly tested. That is a problem when viewing a shared album as anonymous user (via link), because it seems that no kind of authentication (including the sharing key) is passed for this request, resulting in a 401.

The OS that Immich Server is running on

Debian 12 / Docker

Version of Immich Server

v1.98.2

Version of Immich Mobile App

n/a

Platform with the issue

  • Server
  • Web
  • Mobile

Your docker-compose.yml content

n/a

Your .env content

n/a

Reproduction steps

These steps show the problem on the demo site:
1. Create an album with at least one picture in it.
2. Share the album via link, make sure to include metadata.
3. Open the link in an incognito window.
4. Open Chrome Developer Tools.
5. Click on the picture.
6. Click the "i" icon to show the Info panel.
7. Note that the map isn't showing and Developer Tools complain about a 401 for the mentioned `/api/system-config/map/style.json`.

Additional information

I'm wondering if there's really something so secret about the (not even customizable?) map styles that authentication must be required. Making the endpoint public should solve the issue.

@danieldietzler
Member

danieldietzler commented Mar 17, 2024

That is actually a good catch!

> I'm wondering if there's really something so secret about the (not even customizable?) map styles that authentication must be required. Making the endpoint public should solve the issue.

Since we allow providing a custom style.json, we essentially allow people to use any map provider they'd like (GCP, maplibre, etc.). Those, however, require API key authentication (or user/password). Most (all I know of) map providers pass the authentication stuff in the URL, so if the Immich instance is public and the style.json is publicly accessible, people could get access to those API keys. (When you look at the style.json file, sources, sprite (and potentially even glyphs) could all contain credentials.)
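
The concern in the comment above can be checked on a given style.json before deciding how its endpoint is exposed. This is an added example, not part of the original comment or of Immich's code: it scans the `sources`, `sprite` and `glyphs` fields for URLs that carry credentials. The parameter-name pattern, the hosts and the key values are assumptions made for illustration.

```javascript
// Added example: audit a MapLibre-style style.json for URLs that embed credentials.
// The parameter-name pattern is a heuristic assumption, not taken from Immich.
const SECRET_PARAM = /^(key|api[_-]?key|access[_-]?token|token|sig(nature)?)$/i;

// Collect every URL-bearing field the comment mentions: sources, sprite, glyphs.
function collectUrls(style) {
  const urls = [];
  const add = (path, value) => { if (typeof value === 'string') urls.push({ path, value }); };
  add('glyphs', style.glyphs);
  if (Array.isArray(style.sprite)) {
    style.sprite.forEach((s, i) => add(`sprite[${i}].url`, s && s.url));
  } else {
    add('sprite', style.sprite);
  }
  for (const [name, src] of Object.entries(style.sources || {})) {
    add(`sources.${name}.url`, src.url);
    add(`sources.${name}.data`, src.data); // GeoJSON sources may reference a URL
    (src.tiles || []).forEach((t, i) => add(`sources.${name}.tiles[${i}]`, t));
  }
  return urls;
}

// Report userinfo (user:pass@host) and secret-looking query parameters per field.
function findCredentialedUrls(style) {
  const findings = [];
  for (const { path, value } of collectUrls(style)) {
    let url;
    try { url = new URL(value); } catch { continue; } // relative URL: not inspected
    if (url.username || url.password) findings.push({ path, reason: 'userinfo' });
    for (const name of url.searchParams.keys()) {
      if (SECRET_PARAM.test(name)) findings.push({ path, reason: `query:${name}` });
    }
  }
  return findings;
}

// Constructed sample style; hosts and key values are placeholders.
const sampleStyle = {
  version: 8,
  glyphs: 'https://tiles.example.com/fonts/{fontstack}/{range}.pbf?key=PLACEHOLDER',
  sprite: 'https://user:pass@tiles.example.com/sprite',
  sources: {
    base: { type: 'vector', tiles: ['https://tiles.example.com/{z}/{x}/{y}.pbf?api_key=PLACEHOLDER'] },
    open: { type: 'raster', tiles: ['https://tile.example.org/{z}/{x}/{y}.png'] },
  },
};
console.log(findCredentialedUrls(sampleStyle));
```

An empty result only means none of the assumed patterns matched; a provider that uses a different parameter name or puts the key in the path needs its own rule.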

@rovo89
Contributor Author

rovo89 commented Mar 17, 2024

Ah, interesting... didn't know that the map style could be customized to that extent. So the naive "fix" won't work.

@jrasm91
Contributor

jrasm91 commented Mar 22, 2024

I don't see why we can't just add "shared link auth" to this. That would be fine imo and super easy.
